WIP: Add authentik roles #1

Draft
ada wants to merge 4 commits from authentik into main
5 changed files with 76 additions and 1 deletions
Showing only changes of commit c9a1def59e - Show all commits


@ -12,7 +12,7 @@
- role: timesyncd - role: timesyncd
when: ansible_facts['os_family'] == "Debian" when: ansible_facts['os_family'] == "Debian"
- role: ufw - role: ufw
when: ansible_facts['os_family'] == "Debian" when: ansible_facts['os_family'] == "Ubuntu"
- name: Resolver - name: Resolver
hosts: resolver hosts: resolver
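Review bot: The new guard on the ufw role, `when: ansible_facts['os_family'] == "Ubuntu"`, can never be true: Ansible reports Ubuntu hosts with os_family "Debian" and exposes "Ubuntu" only via `ansible_facts['distribution']`, so the firewall role is silently skipped on every host while the timesyncd role two lines above still matches on "Debian". If the intent is to apply ufw only on Ubuntu, use `when: ansible_facts['distribution'] == "Ubuntu"`; otherwise keep the original `"Debian"` comparison so the two role guards stay consistent. Because this role is the host firewall, a never-matching condition leaves hosts without the intended filtering instead of failing loudly. The play that lists these roles starts before this hunk, and the Resolver play that begins at its end continues past it.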


@ -1,19 +1,28 @@
<<<<<<< HEAD
--- ---
=======
>>>>>>> 2410885 (Add knot roles)
all: all:
hosts: hosts:
resolver-1: resolver-1:
ansible_host: 10.20.0.42 ansible_host: 10.20.0.42
<<<<<<< HEAD
dhcp-1: dhcp-1:
ansible_host: 10.20.0.43 ansible_host: 10.20.0.43
authoritative-1: authoritative-1:
ansible_host: 10.20.0.44 ansible_host: 10.20.0.44
=======
>>>>>>> 2410885 (Add knot roles)
children: children:
resolver: resolver:
hosts: hosts:
resolver-1: resolver-1:
<<<<<<< HEAD
kea-dhcp: kea-dhcp:
hosts: hosts:
dhcp-1: dhcp-1:
dns-authoritative: dns-authoritative:
hosts: hosts:
authoritative-1: authoritative-1:
=======
>>>>>>> 2410885 (Add knot roles)
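Review bot: The new side of this inventory commits unresolved git merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 2410885 (Add knot roles)`), which makes the file unparseable as YAML and will break every play that loads this inventory. In each of the three conflict blocks the `=======` … `>>>>>>>` half is empty, so the incoming "Add knot roles" side contributes nothing here and the resolution is simply to delete the nine marker lines and keep the HEAD content (`---`, the `dhcp-1`/`authoritative-1` hosts and the `kea-dhcp`/`dns-authoritative` groups). Since the nine added lines are exactly the markers, the file would otherwise be identical to the old side. A pre-commit or CI step that runs yamllint or `ansible-inventory --list` against the inventory would catch this class of error before merge, WIP or not.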


@ -0,0 +1,19 @@
---
- name: Package cache update
become: true
ansible.builtin.package:
update_cache: true
- name: Restart knot resolver
become: true
ansible.builtin.service:
state: restarted
name: kresd@{{ item }}.service
with_sequence: count={{ ansible_processor_vcpus }}
- name: Enable knot resolver
become: true
ansible.builtin.service:
enabled: true
name: kresd@{{ item }}.service
with_sequence: count={{ ansible_processor_vcpus }}
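Review bot: The two service handlers iterate with `with_sequence: count={{ ansible_processor_vcpus }}`, a legacy `with_*` lookup that takes a key=value string; the idiomatic equivalent is `loop: "{{ range(1, ansible_processor_vcpus + 1) | list }}"`, which preserves the 1..N numbering that `kresd@{{ item }}.service` relies on and is easier for ansible-lint to check. The intent is worth a comment above the first handler, e.g. `# one kresd@N instance per vCPU; instances are numbered from 1`. The `become: true` repeated on all three handlers could be hoisted to the role or play level if every task in the role escalates anyway.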


@ -0,0 +1,21 @@
---
- name: Install knot repository
ansible.builtin.apt:
deb: https://secure.nic.cz/files/knot-resolver/knot-resolver-release.deb
notify:
- Package cache update
- name: Install knot resolver
ansible.builtin.apt:
name: knot-resolver
notify:
- Enable knot resolver
- Restart knot resolver
- name: Configure
ansible.builtin.template:
src: kresd.conf.j2
dest: /etc/knot-resolver/kresd.conf
mode: "0644"
notify:
- Restart knot resolver
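Review bot: `Install knot resolver` will fail on a fresh host because it runs directly after `Install knot repository`, but the `Package cache update` handler it notifies only fires at the end of the play, so apt resolves `knot-resolver` against a cache that does not yet know the new repository. Either add `update_cache: true` to the install task itself or put `- ansible.builtin.meta: flush_handlers` between the two tasks. Separately, `deb: https://secure.nic.cz/...` installs the release package straight from the URL, where the apt module cannot verify a digest; fetching it first with `ansible.builtin.get_url` and a pinned `checksum: "sha256:<expected-digest>"` (placeholder) would make the bootstrap of the third-party repository tamper-evident. None of the three tasks sets `become`, unlike the handlers in this commit, so unless the play escalates privileges they will fail with permission errors.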


@ -0,0 +1,26 @@
net.listen('{{resolver_ip}}', 53, { kind = 'dns'})
cache.size = 128 * MB
modules = {
'hints > iterate', -- Allow loading /etc/hosts or custom root hints
'predict', -- Prefetch expiring/frequent records
}
modules.load('prefill')
prefill.config({
['.'] = {
url = 'https://www.internic.net/domain/root.zone',
interval = 86400, -- seconds
}
})
modules.load('view')
view:addr('127.0.0.0/8', policy.all(policy.PASS))
view:addr('::1/128', policy.all(policy.PASS))
{% for prefix in kresd_allow %}
view:addr('{{ prefix }}', policy.all(policy.PASS))
{% endfor %}
view:addr('0.0.0.0/0', policy.all(policy.DROP))
view:addr('::/0', policy.all(policy.DROP))
log_target('stdout')
log_level('debug')
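Review bot: The template ships `log_level('debug')`, so every deployment logs at debug verbosity to stdout, which on a resolver typically means high log volume with per-query detail; make the level a variable with a quieter default, e.g. `log_level('{{ kresd_log_level | default('notice') }}')`. The `view` rules are a sound open-resolver guard (loopback and the `kresd_allow` prefixes PASS, everything else DROPs), but `kresd_allow` has no default, so a host without that variable fails at template time; either document it as a required role variable or write `{% for prefix in kresd_allow | default([]) %}` so the fallback is deny-all rather than a render error. Minor style: `{{resolver_ip}}` on the first line lacks the spaces inside the braces used elsewhere in the template.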